<?php
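/*
 * Mutating handlers for the admin-management page: "add" and "edit" arrive by
 * POST, "delete" by GET. Every value used below comes straight from the
 * request. getdb() takes a finished SQL string, so the only defences
 * available here are a character whitelist on the text fields and integer
 * casts on the numeric ones; both are applied before anything is interpolated
 * into SQL or echoed back into the page.
 */

// The access checks further down this file only run after these handlers
// have already executed, so the same checks are applied here first: no write
// to k_user happens before authorization.
if (!defined("IN_OP"))
{
    exit("You can't access this file directly...");
}
if ($curruser['acl'] == 255 && $curruser['prev_id'] != 0 && !SubAccountRight($curruser, 2))
{
    exit();
}
if (isset($_SESSION['subaccount']) && $curruser['acl'] < 255)
{
    exit();
}
if ($curruser['enabled'] == 2)
{
    exit();
}

// Account names: Unicode letters/digits plus _ . @ - ; display names may also
// contain spaces. Quotes, backslashes and SQL/HTML metacharacters are rejected
// outright, which is also what makes the values safe to echo back inside the
// alert() strings below. The length limit (64) is a placeholder — align it
// with the k_user column widths.
$accountPattern = '/^[\p{L}\p{N}_.@-]{1,64}$/u';
$namePattern = '/^[\p{L}\p{N}_ .@-]{1,64}$/u';

if (!empty($_POST['cmd']))
{
    // Record ids are integers; an absent or non-numeric id becomes 0.
    $id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
    // The form's radio buttons send 1 or 0; anything else counts as disabled.
    $enabled = (isset($_POST['enabled']) && (int)$_POST['enabled'] === 1) ? 1 : 0;
    $msg = "";
    if ($_POST['cmd'] === "add")
    {
        $msg = "新增管理员";
        if (empty($_POST['username']) || empty($_POST['name']) || empty($_POST['password']))
        {
            echo "<script>alert('必填参数为空！');window.history.back();</script>";
            return;
        }
        $username = trim($_POST['username']);
        $name = trim($_POST['name']);
        if (!preg_match($accountPattern, $username) || !preg_match($namePattern, $name))
        {
            echo "<script>alert('帐号或名称含有非法字符！');window.history.back();</script>";
            return;
        }
        $rs = getdb("SELECT * FROM `k_user` A where account='" . $username . "'");
        if ($rs->eof)
        {
            // md5 is what the rest of this application verifies against; a move
            // to password_hash() has to change the login check in the same step.
            $now = time();
            $sql = "insert into k_user(account,pass,name,acl,enabled,createdt,updatedt,createAccount)";
            $sql .= " values('" . $username . "', '" . md5(trim($_POST['password'])) . "', '" . $name . "', 255, " . $enabled . ", " . $now . ", " . $now . ", '" . $curruser['account'] . "')";
            getdb($sql);
        }
        else
        {
            echo "<script>alert('已存在账号为" . $username . "的管理员，请更换名字！');window.history.back();</script>";
            return;
        }
    }
    else if ($_POST['cmd'] === "edit")
    {
        $msg = "修改管理员密码";
        if ($id <= 0)
        {
            echo "<script>alert('传入post参数错误');window.history.back();</script>";
            return;
        }
        $passwd = trim($_POST['password']);
        if (strlen($passwd) == 0)
        {
            echo "<script>alert('密码值不能为空！');window.history.back();</script>";
            return;
        }
        getdb("update k_user set pass='" . md5($passwd) . "', enabled=" . $enabled . " where id=" . $id);
    }
    else
    {
        echo "<script>alert('传入post参数错误');window.history.back();</script>";
        return;
    }
    echo "<script>alert('" . $msg . "成功');window.location='op.php?op=admin&fp=manage';</script>";
}

// Deleting on a GET request means a plain link triggers it; moving this to a
// POST carrying a per-session token would be the usual fix, but no token
// helper is visible in this file, so only the id is hardened here.
if (isset($_GET['cmd']) && $_GET['cmd'] === "delete")
{
    $msg = "删除管理员";
    $deleteId = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $rs = getdb("SELECT * FROM `k_user` A where id='" . $deleteId . "'");
    if ($rs->eof)
    {
        echo "<script>alert('ID为" . $deleteId . "的用户不存在，删除失败！');window.location='op.php?op=admin&fp=manage';</script>";
    }
    else
    {
        getdb("delete from k_user where id=" . $deleteId);
        echo "<script>alert('" . $msg . "成功');window.location='op.php?op=admin&fp=manage';</script>";
    }
}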

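/**
 * Render the administrators with the given acl as an HTML table.
 *
 * @param int|string $acl  acl value to filter `k_user` on; cast to int before
 *                         it is placed in the query.
 * @return string  the table markup, or "" when no row matches (a red notice is
 *                 echoed directly in that case).
 */
function member_list($acl)
{
    $list = "";
    $rs = getdb("SELECT * FROM `k_user` A where acl=" . (int)$acl . " order by id");
    if ($rs->eof)
    {
        echo "<font color=red>没有管理员！</font>";
        return $list;
    }

    $list .= "<table width=80% border=\"1\" cellspacing=\"1\" cellpadding=\"0\" class=\"mytable\">";
    $list .= "<tr class=\"td0 bgClc_0\" nowrap align=center>\r\n\t\t<td nowrap>管理员帐号</td>\r\n\t\t<td nowrap>角色</td>";
    $list .= "<td nowrap>是否启用</td>";
    $list .= "<td nowrap>最后登录时间</td><td nowrap>最后登录IP</td><td nowrap>修改密码</td><td nowrap>删除管理员</td></tr>";
    while (!$rs->eof)
    {
        // Row values are database content that other code paths may have
        // written unescaped, so they are escaped here for the HTML context.
        // The charset is assumed to be UTF-8 like the page itself — confirm
        // against the connection's character set.
        $account = htmlspecialchars((string)$rs->f['account'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $name = htmlspecialchars((string)$rs->f['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $lastIp = htmlspecialchars((string)$rs->f['lastlogip'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $rowId = (int)$rs->f['id'];
        // lastlogdt is fed to date() as a unix timestamp; the loose comparison
        // is kept as in the original so an unset column renders blank.
        $lastLogin = ($rs->f['lastlogdt'] == "") ? "" : date("Y-m-d H:i:s", (int)$rs->f['lastlogdt']);

        $list .= "<tr class=td2 onmouseover=msover() onmouseout=msout()>";
        $list .= "<td nowrap>" . $account . "</td>";
        $list .= "<td nowrap>" . $name . "</td>";
        $list .= "<td nowrap>" . ($rs->f['enabled'] == 1 ? "是" : "否") . "</td>";
        $list .= "<td nowrap>" . $lastLogin . "</td>";
        $list .= "<td nowrap>" . $lastIp . "</td>";
        $list .= "<td nowrap align=center><a href='op.php?op=admin&fp=manage&id=" . $rowId . "&cmd=edit'>修改密码</a></td>";
        $list .= "<td nowrap align=center><a href='op.php?op=admin&fp=manage&id=" . $rowId . "&cmd=delete' onClick=\"if(confirm('确实要删除此用户吗？')) return true;else return false;\">删除</a></td>";
        $list .= "<input type='hidden' name='op' value='admin' /> <input type='hidden' name='fp' value='manage' />";
        $list .= "</tr>";
        $rs->next();
    }
    $rs->close();
    $list .= "</table>";
    return $list;
}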


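/**
 * Render the password/enabled edit form for one administrator.
 *
 * The record id is read from $_GET['id'] and cast to int before it reaches
 * the query, so only an integer is ever interpolated.
 *
 * @param int|string $acl  acl value the record must carry; cast to int.
 * @return string  the form table markup, or "" when no row matches (a red
 *                 notice is echoed directly in that case).
 */
function member_edit($acl)
{
    $list = "";
    $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $rs = getdb("SELECT * FROM `k_user` A where acl=" . (int)$acl . " and id = " . $id);
    if ($rs->eof)
    {
        echo "<font color=red>没有管理员！</font>";
        return $list;
    }

    $list .= "<table width=80% border=\"1\" cellspacing=\"1\" cellpadding=\"0\" class=\"mytable\">";
    $list .= "<tr class=\"td0 bgClc_0\" nowrap align=center>\r\n\t\t<td nowrap>管理员帐号</td>\r\n\t\t<td nowrap>新密码</td>";
    $list .= "<td nowrap>是否启用</td></tr>";
    while (!$rs->eof)
    {
        // Database content is escaped for the HTML context; charset assumed
        // UTF-8 like the page — confirm against the connection's character set.
        $account = htmlspecialchars((string)$rs->f['account'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $rowId = (int)$rs->f['id'];
        $isEnabled = ($rs->f['enabled'] == 1);

        $list .= "<tr class=td2 onmouseover=msover() onmouseout=msout()>";
        $list .= "<td nowrap>" . $account . "</td>";
        $list .= "<td nowrap><input type='text' name='password' value=''></td>";
        $list .= "<td nowrap><input type='radio' name='enabled' value=1 " . ($isEnabled ? 'checked' : '') . " >是 &nbsp; <input type='radio' name='enabled' value=0 " . ($isEnabled ? '' : 'checked') . ">否</td>";
        $list .= "<input type='hidden' name='op' value='admin' /> <input type='hidden' name='fp' value='manage' /> ";
        $list .= "<input type='hidden' name='cmd' value='edit' /> <input type='hidden' name='id' value='" . $rowId . "'>";
        $list .= "</tr>";
        $rs->next();
    }
    $rs->close();
    $list .= "<tr><td colspan='3'><input type='submit' value='提交'></td></tr>";
    $list .= "</table>";
    return $list;
}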

/**
 * Build the "new administrator" form as an HTML table string.
 *
 * The markup is static: three text inputs (username, password, name), an
 * enabled radio pair defaulting to "yes", the hidden routing fields and a
 * submit row. No database access and no output side effects.
 *
 * @param mixed $acl  accepted for signature parity with the other renderers;
 *                    not used by this form.
 * @return string  the complete <table> markup.
 */
function member_add($acl)
{
    $parts = array();
    $parts[] = '<table width=80% border="1" cellspacing="1" cellpadding="0" class="mytable">';
    $parts[] = "<tr class=\"td0 bgClc_0\" nowrap align=center>\r\n\t\t<td nowrap>管理员帐号</td>\r\n\t\t<td nowrap>密码</td>";
    $parts[] = '<td nowrap>角色</td>';
    $parts[] = '<td nowrap>是否启用</td></tr>';

    $parts[] = '<tr class=td2 onmouseover=msover() onmouseout=msout()>';
    // One empty text input per field, in form order.
    foreach (array('username', 'password', 'name') as $field)
    {
        $parts[] = "<td nowrap><input type='text' name='" . $field . "' value=''></td>";
    }
    $parts[] = "<td nowrap><input type='radio' name='enabled' value=1 checked>是 &nbsp; <input type='radio' name='enabled' value=0>否</td>";
    $parts[] = "<input type='hidden' name='op' value='admin' /> <input type='hidden' name='fp' value='manage' /> ";
    $parts[] = "<input type='hidden' name='cmd' value='add' />";
    $parts[] = '</tr>';

    $parts[] = "<tr><td colspan='4'><input type='submit' value='提交'></td></tr>";
    $parts[] = '</table>';

    return implode('', $parts);
}

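// Page entry: access checks, then dispatch on ?cmd to one of the renderers
// above and hand the result to the template. Note that the add/edit/delete
// handlers at the top of this file execute before this point is reached.
if (!defined("IN_OP"))
{
    exit("You can't access this file directly...");
}
// A sub-account (acl 255 with a non-zero parent id) needs right 2 for this page.
if ($curruser['acl'] == 255 && $curruser['prev_id'] != 0 && !SubAccountRight($curruser, 2))
{
    exit();
}
// Sub-account sessions below acl 255 are refused. The original file repeated
// this exact test further down with $ui->showErrorPage("你是子帐号，不能执行这个功能！");
// that branch was unreachable because this exit() ran first, and $ui is only
// created at the bottom of this file, so the silent exit is what is kept.
if (isset($_SESSION['subaccount']) && $curruser['acl'] < 255)
{
    exit();
}
// The meaning of enabled == 2 is not defined in this file; it is treated as
// "not allowed in" here — confirm against the login code.
if ($curruser['enabled'] == 2)
{
    exit();
}

$acl = $curruser['acl'];
$list = "";
switch (getvar("cmd"))
{
    case "add":
        $list = member_add($acl);
        break;
    case "edit":
        // $id is kept for anything downstream that expects it; member_edit()
        // reads and casts the id from $_GET itself.
        $id = intval(getvar("id"));
        $list = member_edit($acl);
        break;
    default:
        $list = member_list($acl);
        break;
}
echo "</table>";

// $add is never assigned in this file; default it so the template receives an
// empty string instead of an undefined-variable notice.
if (!isset($add))
{
    $add = "";
}
$ui = new UI();
$conf = new Config();
$tpl = new template2();
$tpl->load("main", "manage.htm");
$tpl->set("add", $add);
$tpl->set("list", $list);
$tpl->show("main");
$ui->footer();
?>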